Hans, Yes, the Client App is expected to implement all the important parts of an OpenID 2.0 Relying Party. This means it will support XRI, Yadis, and HTML discovery.
It's unlikely systems will have clashing namespaces, but is possible (most corporate user accounts don't begin with "=", "@", "+", etc, and most don't use a format similar to URLs). For a PAM implementation, the system would likely give priority to all other authentication types, and fall back to OpenID if there are no matches. Or, the implementor may wish to prompt the user for the authentication type, or provide instructions to add a special prefix to the account name. As for the wording in step 4, oops. Thanks for catching that. It should be "The user is prompted for their verification key, which is typed in and submitted." I have never personally done a PAM module, so I'm not a good fit. I think it would work very well though. Know anyone who might want to give it a try? Thanks, John
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs